1123456 matches found
EUVD-2026-33651
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThimPress LearnPress allows Reflected XSS. This issue affects LearnPress: from n/a through 4.3.6...
CVE-2026-48865
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThimPress LearnPress allows Reflected XSS. This issue affects LearnPress: from n/a through 4.3.6...
CVE-2026-48865 WordPress LearnPress plugin <= 4.3.6 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThimPress LearnPress allows Reflected XSS. This issue affects LearnPress: from n/a through 4.3.6...
CVE-2026-48865 WordPress LearnPress plugin <= 4.3.6 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThimPress LearnPress allows Reflected XSS. This issue affects LearnPress: from n/a through 4.3.6...
CVE-2026-48865
CVE-2026-48865 affects the WordPress LearnPress plugin up to version 4.3.6. The issue is a Reflected Cross-Site Scripting (XSS) vulnerability caused by improper neutralization of input during web page generation. CVSSv3.1 metrics indicate a network attack vector, with low attack complexity, no pr...
WordPress Enfold theme <= 7.1.4 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Enfold versions = 7.1.4...
Cross-site Scripting (XSS)
Overview @vitest/browser is a Browser running for Vitest Affected versions of this package are vulnerable to Cross-site Scripting XSS via the otelCarrier query parameter being directly inserted into an inline script without sanitization. An attacker can execute arbitrary JavaScript in the context...
Cross-site Scripting (XSS)
Overview vitest is a Next generation testing framework powered by Vite Affected versions of this package are vulnerable to Cross-site Scripting XSS via the otelCarrier query parameter being directly inserted into an inline script without sanitization. An attacker can execute arbitrary JavaScript ...
Cross-site Scripting (XSS)
Overview dompurify is a DOM-only XSS sanitizer for HTML, MathML and SVG. Affected versions of this package are vulnerable to Cross-site Scripting XSS through the HTML allowlist in dist/purify.cjs.js and related build artifacts. An attacker can inject a selectedcontent element into HTML, triggerin...
DOMPurify XSS via selectedcontent re-clone
Summary DOMPurify 3.4.4 allows selectedcontent by default, allowing a chain in which browsers "re-clone" an XSS payload after sanitization, effectively bypassing DOMPurify. Details The chain is as follows: 1. The browser parses the input and creates a clone from the selected 2. DOMPurify walks an...
GHSA-87XG-PXX2-7HVX DOMPurify XSS via selectedcontent re-clone
Summary DOMPurify 3.4.4 allows selectedcontent by default, allowing a chain in which browsers "re-clone" an XSS payload after sanitization, effectively bypassing DOMPurify. Details The chain is as follows: 1. The browser parses the input and creates a clone from the selected 2. DOMPurify walks an...
Cross-site Scripting (XSS)
Overview org.webjars.npm:dompurify is a DOM-only XSS sanitizer for HTML, MathML and SVG. Affected versions of this package are vulnerable to Cross-site Scripting XSS through the HTML allowlist in dist/purify.cjs.js and related build artifacts. An attacker can inject a selectedcontent element into...
WordPress VikBooking Hotel Booking Engine & PMS plugin <= 1.8.9 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by anhcd05 in WordPress Plugin VikBooking Hotel Booking Engine & PMS versions = 1.8.9...
WordPress LearnPress plugin <= 4.3.6 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by VanTastic in WordPress Plugin LearnPress versions = 4.3.6...
WordPress Product Filter Widget for Elementor plugin <= 1.0.6 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Evan NR in WordPress Plugin Product Filter Widget for Elementor versions = 1.0.6...
WordPress WP Google Review Slider plugin <= 17.9 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by hhhai in WordPress Plugin WP Google Review Slider versions = 17.9...
CVE-2026-48559
CVE-2026-48559 affects Lightweight Music Server (LMS) up to version 3.76.0. The vulnerability is a stored cross-site scripting (XSS) that lets an attacker cause JavaScript execution in the web interface by embedding malicious HTML in media file metadata fields (GENRE, ARTIST, ALBUM). The payload ...
CVE-2026-48559
Lightweight Music Server LMS though 3.76.0 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary JavaScript by embedding malicious HTML in media file metadata tags such as GENRE, ARTIST, or ALBUM. Attackers can introduce a crafted media file into the...
CVE-2026-48559 Lightweight Music Server 3.76.0 Stored XSS via Media File Metadata Tags
Lightweight Music Server LMS though 3.76.0 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary JavaScript by embedding malicious HTML in media file metadata tags such as GENRE, ARTIST, or ALBUM. Attackers can introduce a crafted media file into the...
EUVD-2026-33640
Lightweight Music Server LMS though 3.76.0 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary JavaScript by embedding malicious HTML in media file metadata tags such as GENRE, ARTIST, or ALBUM. Attackers can introduce a crafted media file into the...